@toa.io/extensions.exposition 1.0.0-alpha.15 → 1.0.0-alpha.150

package/features/cache.feature

@@ -1,15 +1,50 @@
+@security
 Feature: Caching
 
   Background:
     Given the `identity.basic` database contains:
       # developer:secret
       # user:12345
-      | _id                              | username  | password                                                     |
-      | b70a7dbca6b14a2eaac8a9eb4b2ff4db | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
+      | _id                              | authority | username  | password                                                     |
+      | b70a7dbca6b14a2eaac8a9eb4b2ff4db | nex       | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
     Given the `identity.roles` database contains:
       | _id                              | identity                         | role      |
       | 775a648d054e4ce1a65f8f17e5b51803 | b70a7dbca6b14a2eaac8a9eb4b2ff4db | developer |
 
+  Scenario: Default caching
+    Given the annotation:
+      """yaml
+      /:
+        anonymous: true
+        GET:
+          dev:stub: foo
+        /private:
+          auth:role: developer
+          GET:
+            dev:stub: bar
+      """
+    When the following request is received:
+      """
+      GET / HTTP/1.1
+      host: nex.toa.io
+      """
+    Then the reply does not contain:
+      """
+      cache-control:
+      """
+    When the following request is received:
+      """
+      GET /private/ HTTP/1.1
+      host: nex.toa.io
+      authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+
+      cache-control: no-store
+      """
+
   Scenario: Caching successful response
     Given the annotation:
       """yaml
@@ -23,6 +58,7 @@ Feature: Caching
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       """
     Then the following reply is sent:
@@ -53,9 +89,22 @@ Feature: Caching
           GET:
             dev:stub: hello
       """
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      host: nex.toa.io
+      authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      authorization: Token ${{ token }}
+      cache-control: no-store
+      """
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       """
     Then the following reply is sent:
@@ -69,8 +118,9 @@ Feature: Caching
     When the following request is received:
       """
       GET /foo/ HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
-      authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
+      authorization: Token ${{ token }}
       """
     Then the following reply is sent:
       """
@@ -83,8 +133,9 @@ Feature: Caching
     When the following request is received:
       """
       GET /bar/ HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
-      authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
+      authorization: Token ${{ token }}
       """
     Then the following reply is sent:
       """
@@ -111,6 +162,7 @@ Feature: Caching
     When the following request is received:
       """
       POST / HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the reply does not contain:
@@ -130,8 +182,21 @@ Feature: Caching
       """
     When the following request is received:
       """
-      GET / HTTP/1.1
+      GET /identity/ HTTP/1.1
+      host: nex.toa.io
       authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      authorization: Token ${{ token }}
+      cache-control: no-store
+      """
+    When the following request is received:
+      """
+      GET / HTTP/1.1
+      host: nex.toa.io
+      authorization: Token ${{ token }}
       accept: text/plain
 
       """
@@ -155,9 +220,103 @@ Feature: Caching
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       """
     Then the reply does not contain:
       """
       cache-control:
       """
+
+  Scenario: Private responses are sent with `vary: authorization`
+    Given the `identity.basic` database contains:
+      | _id                              | authority | username  | password                                                     |
+      | efe3a65ebbee47ed95a73edd911ea328 | nex       | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
+    And the annotation:
+      """yaml
+      /:
+        /:id:
+          auth:id: id
+          cache:control: max-age=10000
+          GET:
+            dev:stub: Keep it
+        /sessions/:id:
+          auth:id: id
+          GET:
+            dev:stub: Keep it
+      """
+    When the following request is received:
+      """
+      GET /efe3a65ebbee47ed95a73edd911ea328/ HTTP/1.1
+      host: nex.toa.io
+      authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      authorization: Token ${{ token }}
+      cache-control: no-store
+      """
+    When the following request is received:
+      """
+      GET /efe3a65ebbee47ed95a73edd911ea328/ HTTP/1.1
+      host: nex.toa.io
+      authorization: Token ${{ token }}
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      cache-control: private, max-age=10000
+      vary: authorization
+      """
+    When the following request is received:
+      """
+      GET /sessions/efe3a65ebbee47ed95a73edd911ea328/ HTTP/1.1
+      host: nex.toa.io
+      authorization: Token ${{ token }}
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      cache-control: private
+      vary: authorization
+      """
+
+  Scenario: Authenticated `no-cache` responses
+    Given the `identity.basic` database contains:
+      | _id                              | authority | username  | password                                                     |
+      | efe3a65ebbee47ed95a73edd911ea328 | nex       | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
+    And the annotation:
+      """yaml
+      /:
+        /:id:
+          auth:id: id
+          cache:control: no-cache
+          GET:
+            dev:stub: Keep it
+      """
+    When the following request is received:
+      """
+      GET /efe3a65ebbee47ed95a73edd911ea328/ HTTP/1.1
+      host: nex.toa.io
+      authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
+      """
+    # no-store since the response contains the token
+    Then the following reply is sent:
+      """
+      200 OK
+      authorization: Token ${{ token }}
+      cache-control: no-store
+      """
+    When the following request is received:
+      """
+      GET /efe3a65ebbee47ed95a73edd911ea328/ HTTP/1.1
+      host: nex.toa.io
+      authorization: Token ${{ token }}
+      """
+    # private is added since the response is authenticated
+    Then the following reply is sent:
+      """
+      200 OK
+      cache-control: private, no-cache
+      """

package/features/cors.feature

@@ -1,3 +1,4 @@
+@security
 Feature: CORS Support
 
   Scenario: Using CORS
@@ -12,13 +13,14 @@ Feature: CORS Support
     When the following request is received:
       """
       OPTIONS / HTTP/1.1
+      host: nex.toa.io
       origin: https://hello.world
       """
     Then the following reply is sent:
       """
       204 No Content
       access-control-allow-origin: https://hello.world
-      access-control-allow-methods: GET, POST, PUT, PATCH, DELETE
+      access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, LOCK, UNLOCK
       access-control-allow-headers: accept, authorization, content-type, etag, if-match, if-none-match
       access-control-allow-credentials: true
       access-control-max-age: 3600
@@ -28,13 +30,15 @@ Feature: CORS Support
     When the following request is received:
       """
       GET /foo/ HTTP/1.1
+      host: nex.toa.io
       origin: https://hello.world
       """
     Then the following reply is sent:
       """
       200 OK
       access-control-allow-origin: https://hello.world
-      access-control-expose-headers: authorization, content-type, content-length, etag
+      access-control-allow-credentials: true
+      access-control-expose-headers: authorization, content-type, content-length, etag, last-modified
       vary: origin
       """
 
@@ -49,6 +53,7 @@ Feature: CORS Support
     When the following request is received:
       """
       GET /bar/ HTTP/1.1
+      host: nex.toa.io
       origin: https://hello.world
       """
     Then the following reply is sent:
@@ -61,6 +66,7 @@ Feature: CORS Support
     When the following request is received:
       """
       GET /foo/ HTTP/1.1
+      host: nex.toa.io
       origin: https://hello.world
       """
     Then the following reply is sent:

package/features/debug.feature

@@ -0,0 +1,34 @@
+Feature: Debugging
+
+  Scenario: Operation call
+    Given the `identity.basic` database contains:
+      | _id                              | authority | username  | password                                                     |
+      | efe3a65ebbee47ed95a73edd911ea328 | nex       | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
+    And the `identity.roles` database contains:
+      | _id                              | identity                         | role      |
+      | 775a648d054e4ce1a65f8f17e5b51803 | efe3a65ebbee47ed95a73edd911ea328 | developer |
+    And the annotation:
+      """yaml
+      debug: true
+      """
+    And the `greeter` is running with the following manifest:
+      """yaml
+      exposition:
+        /:
+          auth:role: developer
+          io:output: true
+          GET: greet
+      """
+    When the following request is received:
+      """
+      GET /greeter/ HTTP/1.1
+      host: nex.toa.io
+      authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
+      accept: text/plain
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+
+      Hello
+      """

package/features/dev.feature

@@ -0,0 +1,56 @@
+Feature: Dev
+
+  Scenario: Delays
+    Given the annotation:
+      """yaml
+      /:
+        io:output: true
+        anonymous: true
+        dev:sleep: 3000
+        GET:
+          dev:stub: hello
+        /nested:
+          GET:
+            dev:stub: world
+      """
+    # CORS permission
+    When the following request is received:
+      """
+      OPTIONS / HTTP/1.1
+      origin: http://example.com
+      """
+    Then the following reply is sent:
+      """
+      204 No Content
+      access-control-allow-headers: accept, authorization, content-type, etag, if-match, if-none-match, sleep
+      """
+    When the following request is received:
+      """
+      GET / HTTP/1.1
+      sleep: 2500
+      """
+    # check the response time
+    Then the following reply is sent:
+      """
+      200 OK
+      """
+    When the following request is received:
+      """
+      GET /nested/ HTTP/1.1
+      sleep: 500
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      """
+    When the following request is received:
+      """
+      GET / HTTP/1.1
+      sleep: 3500
+      """
+    Then the following reply is sent:
+      """
+      400 Bad Request
+
+      "Invalid sleep duration"
+      """

package/features/directives.feature

@@ -13,6 +13,7 @@ Feature: Directives
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       accept: application/json
       """
     Then the following reply is sent:
@@ -38,6 +39,7 @@ Feature: Directives
     When the following request is received:
       """
       GET /pots/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:
@@ -50,6 +52,7 @@ Feature: Directives
     When the following request is received:
       """
       GET /pots/non-existent/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:

package/features/dynamic.feature

@@ -9,6 +9,7 @@ Feature: Dynamic tree updates
     Given the Gateway is running
     And the `pots` is running with the following manifest:
       """yaml
+      version: 1
       exposition:
         /:
           io:output: true
@@ -18,6 +19,7 @@ Feature: Dynamic tree updates
     When the following request is received:
       """
       GET /pots/ HTTP/1.1
+      host: nex.toa.io
       """
     Then the following reply is sent:
       """
@@ -26,6 +28,7 @@ Feature: Dynamic tree updates
     Then the `pots` is stopped
     Then the `pots` is running with the following manifest:
       """yaml
+      version: 2
       exposition:
         /:
           io:output: true
@@ -34,6 +37,45 @@ Feature: Dynamic tree updates
     When the following request is received:
       """
       GET /pots/ HTTP/1.1
+      host: nex.toa.io
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      """
+
+  Scenario: Repeat routes
+    Given the Gateway is running
+    And the `pots` is running with the following manifest:
+      """yaml
+      exposition:
+        /:
+          io:output: true
+          GET: enumerate
+      """
+    When the following request is received:
+      """
+      GET /pots/ HTTP/1.1
+      host: nex.toa.io
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      """
+    Then the `pots` is stopped
+    And the `pots` is running with the following manifest:
+      """yaml
+      exposition:
+        /:
+          io:output: true
+          GET: enumerate
+      """
+    When the following request is received:
+      """
+      GET /pots/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:
@@ -44,6 +86,7 @@ Feature: Dynamic tree updates
   Scenario: Updating routes with conflict
     And the `pots` is running with the following manifest:
       """yaml
+      version: 1.0.0
       exposition:
         /:id:
           io:output: true
@@ -52,6 +95,7 @@ Feature: Dynamic tree updates
     Then the `pots` is stopped
     Then the `pots` is running with the following manifest:
       """yaml
+      version: 1.1.0
       exposition:
         /:
           io:output: true
@@ -66,6 +110,7 @@ Feature: Dynamic tree updates
     When the following request is received:
       """
       GET /pots/big/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:
@@ -76,6 +121,7 @@ Feature: Dynamic tree updates
   Scenario: Updating method mapping
     Given the `pots` is running with the following manifest:
       """yaml
+      version: a
       exposition:
         /big:
           io:output: true
@@ -87,6 +133,7 @@ Feature: Dynamic tree updates
     Then the `pots` is stopped
     Then the `pots` is running with the following manifest:
       """yaml
+      version: b
       exposition:
         /big:
           io:output: true
@@ -98,6 +145,7 @@ Feature: Dynamic tree updates
     When the following request is received:
       """
       GET /pots/big/?criteria=temperature>50 HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:

package/features/errors.feature

@@ -8,6 +8,7 @@ Feature: Errors
     When the following request is received:
       """
       GET <path> HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       """
     Then the following reply is sent:
@@ -30,6 +31,7 @@ Feature: Errors
     When the following request is received:
       """
       GET /basic/greeter HTTP/1.1
+      host: nex.toa.io
       accept: application/json
       """
     Then the following reply is sent:
@@ -37,7 +39,7 @@ Feature: Errors
       404 Not Found
       content-type: application/json
 
-      "Trailing slash is required."
+      "Trailing slash is required"
       """
 
   Scenario: Missing method
@@ -45,6 +47,7 @@ Feature: Errors
     When the following request is received:
       """
       PATCH /greeter/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:
@@ -56,6 +59,7 @@ Feature: Errors
     When the following request is received:
       """
       COPY /basic/greeter/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       """
     Then the following reply is sent:
@@ -73,6 +77,7 @@ Feature: Errors
     When the following request is received:
       """
       POST /pots/ HTTP/1.1
+      host: nex.toa.io
       accept: application/yaml
       content-type: application/yaml
 
@@ -97,6 +102,7 @@ Feature: Errors
     When the following request is received:
       """
       GET /pots/?limit=1001 HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       """
     Then the following reply is sent:
@@ -104,7 +110,7 @@ Feature: Errors
       400 Bad Request
       content-type: text/plain
 
-      Query limit must be between 1 and 1000 inclusive.
+      Query limit must be between 1 and 100 inclusive
       """
 
   Scenario: Closed query criteria
@@ -115,11 +121,12 @@ Feature: Errors
           GET:
             endpoint: enumerate
             query:
-              criteria: temerature>60
+              criteria: temperature>60
       """
     When the following request is received:
       """
       GET /pots/hot/?criteria=volume>500 HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       """
     Then the following reply is sent:
@@ -127,7 +134,7 @@ Feature: Errors
       400 Bad Request
       content-type: text/plain
 
-      Query criteria is closed.
+      Query criteria is closed
       """
 
   Scenario: Additional query parameters
@@ -141,6 +148,7 @@ Feature: Errors
     When the following request is received:
       """
       GET /pots/?foo=bar HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       """
     Then the following reply is sent:
@@ -148,7 +156,7 @@ Feature: Errors
       400 Bad Request
       content-type: text/plain
 
-      Query must NOT have additional properties
+      Query Property foo is not expected to be here
       """
 
   Scenario: Malformed authorization header
@@ -160,6 +168,7 @@ Feature: Errors
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       authorization: Basic
       accept: text/plain
       """
@@ -167,7 +176,7 @@ Feature: Errors
       """
       401 Unauthorized
 
-      Malformed authorization header.
+      Malformed authorization header
       """
 
   Scenario Outline: Exception is thrown (debug: <debug>)
@@ -182,6 +191,7 @@ Feature: Errors
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       accept: text/plain
       """
     Then the following reply is sent:
@@ -206,9 +216,22 @@ Feature: Errors
     When the following request is received:
       """
       GET / HTTP/1.1
+      host: nex.toa.io
       accept: image/jpeg
       """
     Then the following reply is sent:
       """
       406 Not Acceptable
       """
+
+  Scenario: Not acceptable request with error
+    When the following request is received:
+      """
+      GET /robots.txt HTTP/1.1
+      host: nex.toa.io
+      accept: text/html
+      """
+    Then the following reply is sent:
+      """
+      404 Not Found
+      """